Bug#23540008 SAFE GUARD FOR CHARSET_INFO RETURNED FROM GET_CHARSET

marcalff · marcalff · commit a732d5e178b9 · 2016-06-10T09:35:16.000+02:00
When executing a SELECT from tables:
- performance_schema.events_statements_current
- performance_schema.events_statements_history
- performance_schema.events_statements_history_long

the code reads data that can be concurrently written to.

This race condition is expected (performance schema data buffers are lock
less), but the code is not robust enought.

In particular, the character set for the sql query text may be invalid.

Before this fix, this condition could cause a crash.

With this fix, reading an invalid character set will truncate the SQL
TEXT column.
diff --git a/storage/perfschema/table_events_statements.cc b/storage/perfschema/table_events_statements.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -340,11 +340,17 @@ void table_events_statements_common::make_row_part_1(PFS_events_statements *stat
   CHARSET_INFO *cs= get_charset(statement->m_sqltext_cs_number, MYF(0));
   size_t valid_length= statement->m_sqltext_length;
 
-  if (cs->mbmaxlen > 1)
+  if (cs != NULL)
   {
-    int well_formed_error;
-    valid_length= cs->cset->well_formed_len(cs, statement->m_sqltext, statement->m_sqltext + valid_length,
-                                            valid_length, &well_formed_error);
+    if (cs->mbmaxlen > 1)
+    {
+      int well_formed_error;
+      valid_length= cs->cset->well_formed_len(cs,
+                                              statement->m_sqltext,
+                                              statement->m_sqltext + valid_length,
+                                              valid_length,
+                                              &well_formed_error);
+    }
   }
 
   m_row.m_sqltext.set_charset(cs);
